Snort mailing list archives

Re: Error 422 with snortrules-snapshot-2972.tar.gz

From: Y M <snort () outlook com>
Date: Thu, 2 Jul 2015 21:00:57 +0000

A very wild guess is that v2962 still has a large user base based on number of downloads. This is just a guess.

From: Shawn.Jefferson () bcferries com
To: adimino () sempersecurus org; snort () outlook com
CC: snort-users () lists sourceforge net
Date: Thu, 2 Jul 2015 12:12:11 -0600
Subject: RE: [Snort-users] Error 422 with snortrules-snapshot-2972.tar.gz

That kept happening to me too, so I built in a check into a custom dashboard that we use for Snort.  Speaking of that, 
why is Snort v2.9.6.2 not EOL yet?  I’m probably missing some nuance of the EOL policy.   From: Andre DiMino 
[mailto:adimino () sempersecurus org] 
Sent: June 26, 2015 12:04 PM
To: Y M
Cc: snort-users
Subject: Re: [Snort-users] Error 422 with snortrules-snapshot-2972.tar.gz Thanks.  Those EOL keep sneaking up on me. On 
Fri, Jun 26, 2015 at 1:42 PM, Y M <snort () outlook com> wrote:Hi Andre, Looking at the URL for the rules, it seems you 
are requesting the 2970 tarball which is eol according to the website https://www.snort.org/eol. YMDate: Fri, 26 Jun 
2015 12:33:57 -0400
From: adimino () sempersecurus org
To: jesler () cisco com
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Error 422 with snortrules-snapshot-2972.tar.gz Is anyone else seeing this issue?
I'm now getting Error 422 when downloading via pulledpork: Checking latest MD5 for 
snortrules-snapshot-2970.tar.gz....Error 422 when fetching 
https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5 at 
/home/snortscan/snort_src/pulledpork-read-only/pulledpork.pl line 
482main::md5file('234f6e519d1ce6e4fa1762e7f9bb7f31fd65b2de', 'snortrules-snapshot-2970.tar.gz', '/tmp/', 
'https://www.snort.org/reg-rules/&apos;) called at /home/snortscan/snort_src/pulledpork-read-only/pulledpork.pl line 1875 I 
didn't see any problems with my pulledpork.conf as Scott observed.  This has worked reliably until now. Andre' On Mon, 
Jun 8, 2015 at 10:00 AM, Joel Esler (jesler) <jesler () cisco com> wrote:You should probably swap step 3 and 2, since 
the links are verified after posting.  :)  --
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
http://www.talosintel.com On Jun 8, 2015, at 9:58 AM, Scott Link <linksg () slu edu> wrote: Figured it out.In 
pulledpork.conf, the line starting with rule_url= had a space between the last pipe and our oinkcode. Deleted the 
space, re-ran, success!

Looking at the backup pulledpork.conf files, I see two consecutive days where the file was backed up. The code didn't 
change between the days and the only thing different is the addition of the space.Weird.So, got 422?:Try wget on the 
expected URL. If still 422, escalate to snort.org. If not 422, check pulledpork.conf for spurious rule_url 
entry.Cheers,Scott  On Fri, May 29, 2015 at 8:19 AM, Scott Link <linksg () slu edu> wrote:Joel,  I have confirmed the 
oinkcode in pulledpork.conf matches what's in our account. When I first had this issue, I tried regenerating the code 
and updating pulledpork.conf and got the same result. Since then, I used wget to pull the ruleset and the file with the 
md5sum. I think that would also confirm I'm using a valid oinkcode. Thanks,Scott On Fri, May 29, 2015 at 8:07 AM, Joel 
Esler (jesler) <jesler () cisco com> wrote:Not sure what the issue is, I’m watching the logs on Snort.org right now, 
and thousands of people seem to not be having a problem.  Is your oinkcode valid, no typos in it?  --
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
http://www.talosintel.com On May 29, 2015, at 7:49 AM, Scott Link <linksg () slu edu> wrote: In the meantime, I've 
applied the latest Security Onion updates. I had to restart nsm service to get everything back online after, but sostat 
is now reporting all is well.  Retried rule-update and the error message is still there. Any additional information I 
can make a run at tracking down and providing? On Fri, May 22, 2015 at 6:51 PM, Joel Esler (jesler) <jesler () cisco 
com> wrote:We are going to look into this.  However, everyone is pretty much out of the office until Tuesday. --Joel 
Esler Sent from my iPhone
On May 22, 2015, at 4:28 PM, Shirkdog <shirkdog () gmail com> wrote: 
On May 22, 2015 3:45 PM, "Scott Link" <linksg () slu edu> wrote:


Hi,

Getting the following error message:
Running PulledPork.
    Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2972.tar.gz.md5 at 
/usr/bin/pulledpork.pl line 463
    main::md5file(' <oinkcode redacted>', 'snortrules-snapshot-2972.tar.gz', '/tmp/', 
'https://www.snort.org/reg-rules/&apos;) called at /usr/bin/pulledpork.pl line 1885
    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5 for snortrules-snapshot-2972.tar.gz....

Searching the archive seems to point to server-side issue. Need anything else?

Try with Snort version 2.9.7.3
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
 -- Scott Link Manager, ITS Infrastructure Operations SecuritySaint Louis Universitywww.slu.edu314.977.9713 
 -- Scott Link Manager, ITS Infrastructure Operations SecuritySaint Louis Universitywww.slu.edu314.977.9713

-- Scott Link Manager, ITS Infrastructure Operations SecuritySaint Louis Universitywww.slu.edu314.977.9713 
------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
 -- 
Andre' M. DiMino
DeepEnd Research
http://deependresearch.org
http://sempersecurus.org

"Make sure that nobody pays back wrong for wrong, but always try to be
kind to each other and to everyone else" - 1 Thess 5:15 (NIV) 
------------------------------------------------------------------------------ Monitor 25 network devices or servers 
for free with OpManager! OpManager is web-based network management software that monitors network devices and physical 
& virtual servers, alerts via email & sms for fault. Monitor 25 devices for free with no restriction. Download now 
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to 
this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users 
list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to 
stay current on all the latest Snort news!
 -- 
Andre' M. DiMino
DeepEnd Research
http://deependresearch.org
http://sempersecurus.org

"Make sure that nobody pays back wrong for wrong, but always try to be
kind to each other and to everyone else" - 1 Thess 5:15 (NIV)

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: Error 422 with snortrules-snapshot-2972.tar.gz Jefferson, Shawn (Jul 02)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Y M (Jul 02)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Joel Esler (jesler) (Jul 02)